Symantec Enforcer fails to download policy: EnforcerCompilerTask "Invalid Server List"

book

Article ID: 156565

calendar_today

Updated On:

Products

Network Access Control on Appliance Network Access Control Enforcer 6100 Series Appliance Network Access Control

Issue/Introduction

A Symantec Enforcer is able to register with the Symantec Endpoint Protection Manager (SEPM), but fails to download the policy.

A packet capture or the Enforcer kernel log shows the SEPM is sending HTTP 500 in return to the profile download request.

Enforcer profiles are not generated correctly under the SEPM data\outbox\enforcer folder.

 

The following error can be seen in the SEPM console (on the Admin - Servers tab), repeated every minute:

   06 June 2012 10:16:08 IST:  Unexpected server error.  [Site: Site *sitename*]  [Server: *servername*]

 

The following error can be found in the SEPM tomcat\logs\scm-server-0.log file:

   2012-06-06 10:16:08.390 THREAD 22 SEVERE:  in: com.sygate.scm.server.task.EnforcerCompilerTask
   com.sygate.scm.server.util.ScmServerError: Invalid Server List!

 

Resolution

The issue may be corrected by creating a new Management Server List in the SEPM and assigning to all Enforcer groups.

  • Create a new list entry under Policies, Policy Components, Management Server Lists and add the correct SEPM ip addresses.
  • Under Admin - Servers, select Edit Group Properties for each Enforcer Group, and select the new Management Server List.

If this does not resolve the problem the issue may be caused by a leftover Enforcer group entry in the SEPM database, that refers to a since deleted server list. Please contact Symantec Technical support to verify if this is the case, and for steps to clean invalid Enforcer group entries from the database.